Configuring ports, Configuring ports 0 – Allied Telesis AT-8100 Series User Manual

Chapter 69: MAC Address-based Port Security

1040

Configuring Ports

There are three things you need to decide before you configure MAC
address-based port security on the ports. They are:



What is the maximum number of source MAC addresses the ports
can learn?



Should the source MAC addresses learned by the ports be stored
as dynamic or static addresses in the MAC address table?



Is the intrusion action protect, restrict, or shutdown?

See Table 109 for a list of the commands.

These commands are found in the Port Interface mode and can be
entered in any order when you configure the ports.

Here are a few examples on how to use the commands. In this first
example, ports 4 and 5 are configured to learn up to 25 source MAC
addresses each, and to store the addresses as static addresses in the
MAC address table. The intrusion action is set to protect so that the ports
discard packets with unknown MAC addresses after they have learned the
maximum number of addresses, but the switch does not send SNMP
traps:

Table 109. MAC Address-based Port Security Commands and Descriptions

To

Use This Command

Range

Set the maximum number of source
MAC addresses a port can learn.

SWITCHPORT PORT-SECURITY
MAXIMUM value

0 to 255
addresses

Configure ports to save the source
MAC addresses as dynamic
addresses in the MAC address table.

SWITCHPORT PORT-SECURITY
AGING

-

Configure ports to save the source
MAC addresses as static addresses in
the MAC address table.

NO SWITCHPORT PORT-SECURITY
AGING

-

Set the intrusion action on the ports.

SWITCHPORT PORT-SECURITY
VIOLATION PROTECT|RESTRICT|
SHUTDOWN

-